On Mon, Mar 12, 2007 at 01:46:42PM -0400, Justin Pryzby wrote:
> Package: tiger
> Version: 3.2.1-35
> Severity: important
> Tags: security
>
> |#
> |# Given a temporary file determines if it exists
> |# if it does bails out since it shouldn't be there
> |safe_temp()
> |{
> |  for __tmpfile
> |  do
> |    if [ -f "$__tmpfile" ] ; then
> |      echo "--ERROR-- [init009e] Tempfile \`$__tmpfile' exists."
> |      exit 1
> |    else
> |      >$__tmpfile
> |    fi
> |  done
> |}
> This is apparently supposed to be a safe and portable way of making tempfiles;
> but tempfile wrappers are essentially guaranteed to be unsafe.

Yes, safe_temp is not a generic safe way of making tempfiles, but have you seen
any call of safe_temp outside $WORKDIR (/var/run/tiger/work)?

As this directory is not world writable, I don't think there may be a race
condition (except attempts from a root who wants to become root).

I don't think there is a security issue here.

Using 'tempfile -n' instead of '>' or checking that the file is really in
$WORKDIR can make this wrapper safer (could avoid an audit of all the safe_temp
calls, which was probably already done by Javier).

Kind Regards,
-- 
Nekral
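
A hardened variant of the quoted safe_temp(), as an added example that is not part of either message or of the tiger package: it applies the reply's suggestion of checking that the file is really in $WORKDIR, and substitutes the shell's noclobber option for 'tempfile -n' so that the existence test and the creation are a single step. The default WORKDIR path and the error wording are assumptions, and the function returns 1 where the original calls exit 1.

```shell
#!/bin/sh
# Added example, not tiger's code.
# WORKDIR stands in for tiger's $WORKDIR; this default is a constructed
# sample location so the sketch can run unprivileged.
: "${WORKDIR:=${TMPDIR:-/tmp}/safe_temp_demo.$$}"

safe_temp()
{
    for __tmpfile
    do
        # Accept only names under $WORKDIR, and no ".." that could climb out.
        case "$__tmpfile" in
            */../*|*/..)
                echo "--ERROR-- Tempfile \`$__tmpfile' contains '..'." >&2
                return 1 ;;
            "$WORKDIR"/*)
                ;;
            *)
                echo "--ERROR-- Tempfile \`$__tmpfile' is not under $WORKDIR." >&2
                return 1 ;;
        esac

        # With noclobber (set -C) the '>' redirection fails if the name
        # already exists, so there is no gap between "does it exist?" and
        # "create it" as there is with [ -f ... ] followed by '>'.
        # The subshell keeps noclobber from leaking into the caller and
        # contains the redirection failure.
        if ! ( set -C; : > "$__tmpfile" ) 2>/dev/null ; then
            echo "--ERROR-- Tempfile \`$__tmpfile' exists or cannot be created." >&2
            return 1
        fi
    done
}
```
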